Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES - December 20, 2006

by: Marianna Schmudlach December 20, 2006 8:14 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES - December 20, 2006

by Marianna Schmudlach - 12/20/06 8:14 AM

phpProfiles Multiple File Inclusion Vulnerabilities

SECUNIA ADVISORY ID:
SA23423

VERIFY ADVISORY:
http://secunia.com/advisories/23423/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
phpProfiles 3.x
http://secunia.com/product/12934/

DESCRIPTION:
nuffsaid has discovered several vulnerabilities in phpProfiles, which
can be exploited by malicious people to compromise vulnerable
systems.

Input passed to the "incpath" parameter in account.inc.php,
admin_newcomm.inc.php, body_admin.inc.php, body.inc.php,
comm_post.inc.php, commrecc.inc.php, do_reg.inc.php, friends.inc.php,
header_admin.inc.php, header.inc.php, index.inc.php, menu_u.inc.php,
menu_v.inc.php and notify.inc.php, the "menu" parameter in
body_admin.inc.php and body.inc.php and the "scriptpath" parameter
with the POST method to remove_pic.inc.php is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local or external resources. All scripts are
located in the include directory.

The vulnerabilities are confirmed in version 3.1.2. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
nuffsaid

ORIGINAL ADVISORY:
http://www.milw0rm.com/exploits/2956


Reply
Report offensive post
Email to friend

CA Portal Technology Session Handling Vulnerability

by Marianna Schmudlach - 12/20/06 8:16 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
CA Portal Technology Session Handling Vulnerability

SECUNIA ADVISORY ID:
SA23426

VERIFY ADVISORY:
http://secunia.com/advisories/23426/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From local network

SOFTWARE:
CA Unicenter Workload Control Center 1.x
http://secunia.com/product/12932/
CA Unicenter Management Portal 3.x
http://secunia.com/product/3936/
CA Unicenter Management Portal 2.x
http://secunia.com/product/3937/
CA Unicenter Enterprise Job Manager 1.x
http://secunia.com/product/5588/
CA Unicenter Database Management Portal 11.x
http://secunia.com/product/12931/
CA Unicenter Database Command Center 11.x
http://secunia.com/product/12928/
CA Unicenter Asset Portfolio Management 11.x
http://secunia.com/product/7125/
CA eTrust Security Command Center 8.x
http://secunia.com/product/12927/
CA eTrust Security Command Center 1.x
http://secunia.com/product/3693/
CA CleverPath Portal 4.x
http://secunia.com/product/6404/
CA CleverPath Aion 10.x
http://secunia.com/product/5582/
CA BrightStor Portal 11.x
http://secunia.com/product/5577/
CA Unicenter Management Portal 11.x
http://secunia.com/product/12933/

DESCRIPTION:
A vulnerability has been reported in CA's Portal technology, which
potentially can be exploited by malicious users to bypass certain
security restrictions.

The problem is that when multiple Portal servers share a common data
source, a malicious user may be be able to inherit the session and
security authentication of another user from a different Portal
server.

SOLUTION:
Apply patches.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulns.

by Donna Buenaventura Moderator - 12/20/06 10:47 AM

In Reply to: CA Portal Technology Session Handling Vulnerability by Marianna Schmudlach

Related Advisory: CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities
http://www.securiteam.com/windowsntfocus/6J00N00HQC.html

Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.

Vulnerable Systems:
* CA Anti-Virus 2007 version 8.1
* CA Anti-Virus for Vista Beta version 8.2
* CA Internet Security Suite 2007 version 3.0

Status and Recommendation:
CA has addressed this issue in the GA (Generally Available) software by providing a new automatic update on December 13, 2006. Customers running one of the GA products simply need to ensure that they have allowed this automatic update to take place. For CA Anti-Virus for Vista Beta, this issue will be patched in the GA release of the software.

Determining if you are affected:
View the Help>About screen and confirm that the product version is 8.3.0.1 or above. You can also verify application of the update by confirming that the vetfddnt.sys and vetmonnt.sys driver versions are 8.3.0.1 or above. These files are located in the %windows%\system32\drivers folder.


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Sun Java JRE Applet Security Bypass

by Marianna Schmudlach - 12/20/06 8:17 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Sun Java JRE Applet Security Bypass

SECUNIA ADVISORY ID:
SA23398

VERIFY ADVISORY:
http://secunia.com/advisories/23398/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Sun Java JDK 1.5.x
http://secunia.com/product/4621/
Sun Java JRE 1.5.x / 5.x
http://secunia.com/product/4228/
Sun Java JRE 1.4.x
http://secunia.com/product/784/
Sun Java JRE 1.3.x
http://secunia.com/product/87/
Sun Java SDK 1.4.x
http://secunia.com/product/1661/
Sun Java SDK 1.3.x
http://secunia.com/product/1660/

DESCRIPTION:
Two vulnerabilities have been reported in Sun Java JRE (Java Runtime
Environment), which can be exploited by malicious people to bypass
certain security restrictions.

The vulnerabilities are caused due to unspecified errors in the Java
Runtime Environment and may allow a malicious, untrusted applet to
access data in other applets.

The vulnerabilities are reported in the following versions:
* JDK and JRE 5.0 Update 6 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior

SOLUTION:
Update to fixed versions.

JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 7 or later.
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
http://java.sun.com/j2se/1.3/download.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Tom Hawtin.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Novell NetWare Welcome web-app Cross-Site Scripting Vulnerab

by Marianna Schmudlach - 12/20/06 8:18 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA23406

VERIFY ADVISORY:
http://secunia.com/advisories/23406/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

OPERATING SYSTEM:
Novell NetWare 6.x
http://secunia.com/product/78/

DESCRIPTION:
A vulnerability has been reported in Novell NetWare, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to unspecified parameters in the Welcome web-app is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

The vulnerability is reported in version 6.5 SP5 and 6.5 SP6.

SOLUTION:
The vendor recommends to disable the Welcome web-app (see vendor
advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
Novell:
https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PHP-Update blog.php Multiple Vulnerabilities

by Marianna Schmudlach - 12/20/06 8:19 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
PHP-Update blog.php Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA23407

VERIFY ADVISORY:
http://secunia.com/advisories/23407/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Manipulation of data, System access

WHERE:
From remote

SOFTWARE:
PHP-Update 2.x
http://secunia.com/product/12926/

DESCRIPTION:
rgod has discovered some vulnerabilities in PHP-Update, which can be
exploited by malicious people to bypass certain security restrictions
and by malicious users to compromise vulnerable systems and manipulate
data.

1) The security bypass vulnerability is caused due to an insecure
authentication method in blog.php. This can be exploited to bypass
authentication and post blog entries by passing the value "1" to the
parameters "adminuser" and "permission".

2) Input passed to the "newmessage" parameter in blog.php is not
properly sanitised before being written to a web-accessible file.
This can be exploited to execute arbitrary PHP code.

Successful exploitation requires valid user credentials (but see 1).

3) Input passed to the "f" parameter in blog.php is not properly
sanitised before being used to write files. This can be exploited to
create and overwrite arbitrary files with the file extension ".php"
via directory traversal attacks.

Successful exploitation requires valid user credentials (but see 1).

The vulnerabilities are confirmed in version 2.7 flat file edition
but not in version 2.7 MySQL edition. Other versions may also be
affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised and
that authentication is done correctly.

PROVIDED AND/OR DISCOVERED BY:
rgod

ORIGINAL ADVISORY:
http://www.milw0rm.com/exploits/2953


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Sun Java JRE Multiple Vulnerabilities

by Marianna Schmudlach - 12/20/06 8:20 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Sun Java JRE Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA23445

VERIFY ADVISORY:
http://secunia.com/advisories/23445/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, System access

WHERE:
From remote

SOFTWARE:
Sun Java JDK 1.5.x
http://secunia.com/product/4621/
Sun Java JRE 1.5.x / 5.x
http://secunia.com/product/4228/
Sun Java JRE 1.4.x
http://secunia.com/product/784/
Sun Java JRE 1.3.x
http://secunia.com/product/87/
Sun Java SDK 1.4.x
http://secunia.com/product/1661/
Sun Java SDK 1.3.x
http://secunia.com/product/1660/

DESCRIPTION:
Some vulnerabilities have been reported in Sun Java JRE (Java Runtime
Environment), which can be exploited by malicious people to compromise
a user's system.

1) Two errors exist in the Java Runtime Environment, which can be
exploited by malicious, untrusted applets to read and write local
files, or to execute local applications.

2) Two errors related to serialisation exist in the Java Runtime
Environment, which can be exploited by a malicious, untrusted applet
to elevate it's privileges.

The following releases are affected:
* JDK and JRE 5.0 Update 7 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior (not affected by vulnerability #2)

SOLUTION:
Update to fixed versions:

JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 8 or later.
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
http://java.sun.com/j2se/1.3/download.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
#1) Chris Evans
#2) Tom Hawtin

ORIGINAL ADVISORY:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1

http://scary.beasts.org/security/CESA-2005-008.txt


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apple Mac OS X Quicktime/Quartz Composer Information Disclos

by Marianna Schmudlach - 12/20/06 8:21 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Apple Mac OS X Quicktime/Quartz Composer Information Disclosure

SECUNIA ADVISORY ID:
SA23438

VERIFY ADVISORY:
http://secunia.com/advisories/23438/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
A vulnerability has been reported in Mac OS X, which can be exploited
by malicious people to gain knowledge of sensitive information.

The problem is that unsigned Java applets are able to use Quicktime
for Java and Quartz Composer to upload images which may potentially
contain sensitive information.

The vulnerability is reported in the following versions:
* Mac OS X v10.4.8
* Mac OS X Server v10.4.8

Systems prior to v10.4 are reportedly not affected.

SOLUTION:
Apply Security Update 2006-008.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Geoff Beier.

ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=304916


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for seamonkey

by Marianna Schmudlach - 12/20/06 8:23 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Red Hat update for seamonkey

SECUNIA ADVISORY ID:
SA23433

VERIFY ADVISORY:
http://secunia.com/advisories/23433/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks and potentially compromise a
user's system.

For more information:
SA23422

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2006-0759.html

OTHER REFERENCES:
SA23422:
http://secunia.com/advisories/23422/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Linux Kernel "mincore()" Deadlock Denial of Service

by Marianna Schmudlach - 12/20/06 8:24 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Linux Kernel "mincore()" Deadlock Denial of Service

SECUNIA ADVISORY ID:
SA23436

VERIFY ADVISORY:
http://secunia.com/advisories/23436/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

OPERATING SYSTEM:
Linux Kernel 2.4.x
http://secunia.com/product/763/

DESCRIPTION:
Doug Chapman has reported a vulnerability in the Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).

The vulnerability is caused due to an error within the handling of
locking semaphores in "mincore()". This can be exploited to cause a
deadlock by using the function on unmapped pages.

SOLUTION:
Update to version 2.4.33.6.

PROVIDED AND/OR DISCOVERED BY:
Doug Chapman

ORIGINAL ADVISORY:
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.6


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

HP FTP Print Server LIST Denial of Service Vulnerability

by Marianna Schmudlach - 12/20/06 8:25 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
HP FTP Print Server LIST Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23396

VERIFY ADVISORY:
http://secunia.com/advisories/23396/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

SOFTWARE:
HP FTP Print Server 2.x
http://secunia.com/product/12924/

DESCRIPTION:
Joxean Koret has reported a vulnerability in HP FTP Print Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

The vulnerability is caused due to an error in the handling of
arguments passed to the LIST command. This can be exploited to crash
the service via an overly long string passed as argument to the
vulnerable command.

The vulnerability is reported in versions 2.4 and 2.4.5. Other
versions may also be affected.

SOLUTION:
Grant access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
Joxean Koret

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051367.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WinFtp Server Data Handling Denial of Service Vulnerability

by Marianna Schmudlach - 12/20/06 8:26 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
WinFtp Server Data Handling Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA23412

VERIFY ADVISORY:
http://secunia.com/advisories/23412/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
WinFtp Server 2.x
http://secunia.com/product/12923/

DESCRIPTION:
shinnai has discovered a vulnerability in WinFtp Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an off-by-one error when
processing data received from the client. This can be exploited to
crash the service by sending an overly long string (greater than 500
bytes) to the service.

The vulnerability is confirmed in version 2.0.2. Other versions may
also be affected.

SOLUTION:
Restrict access to the FTP service.

PROVIDED AND/OR DISCOVERED BY:
shinnai


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apple Mac OS X Security Update Fixes QuickTime Information D

by Marianna Schmudlach - 12/20/06 8:28 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

Apple Mac OS X Security Update Fixes QuickTime Information Disclosure Vulnerability

Advisory ID : FrSIRT/ADV-2006-5072
CVE ID : CVE-2006-5681
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-20

A vulnerability has been identified in Apple Mac OS X, which could be exploited by attackers to gain knowledge of sensitive information. This issue is due to an error in QuickTime for Java when used in conjunction with Quartz Composer to obtain images rendered on screen by embedded QuickTime objects, which could be exploited by malicious Java applets to capture images that may contain local information.

Affected Products

Apple Mac OS X version 10.4.8 and prior
Apple Mac OS X Server version 10.4.8 and prior

Solution

Security Update 2006-008 (Universal) :
http://www.apple.com/support/downloads/securityupdate2006008universal.html

Security Update 2006-008 (PPC) :
http://www.apple.com/support/downloads/securityupdate2006008ppc.html

References

http://www.frsirt.com/english/advisories/2006/5072
http://docs.info.apple.com/article.html?artnum=304916

Credits

Vulnerability reported by Geoff Beier


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Nortel CallPilot Server Unspecified Requests Handling Securi

by Marianna Schmudlach - 12/20/06 8:29 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

Advisory ID : FrSIRT/ADV-2006-5070
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-20

A vulnerability has been identified in Nortel CallPilot. This issue is due to an unspecified error with an unknown impact and unknown attack vectors.

Affected Products

Nortel CallPilot versions 4.x

Solution

Apply patch :
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=363252

References

http://www.frsirt.com/english/advisories/2006/5070
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=363252

Credits

Vulnerability reported by the vendor


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SuSE Security Update Fixes Multiple Code Execution and Secur

by Marianna Schmudlach - 12/20/06 8:32 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

SuSE Security Update Fixes Multiple Code Execution and Security Bypass Vulnerabilities

Advisory ID : FrSIRT/ADV-2006-5076
CVE ID : CVE-2006-5864 - CVE-2006-6105 - CVE-2006-6120 - CVE-2006-6142
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-20

SuSE has released security updates to address multiple vulnerabilities identified in koffice, squirrelmail, evince, and gdm. For additional information, see : FrSIRT/ADV-2006-4771 - FrSIRT/ADV-2006-4828 - FrSIRT/ADV-2006-4747 - FrSIRT/ADV-2006-5015

Affected Products

SuSE Linux 10
SuSE Linux 9.x
SuSE Linux 8.x
SuSE Linux 7.x
SuSE Linux Connectivity Server
SuSE Linux Database Server
SuSE Linux Desktop 1.x
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server 8
SUSE Linux Enterprise Server 9
SuSE Linux Firewall
SuSE Linux Standard Server 8
SuSE Linux Office Server
SuSE Linux Openexchange Server 4.x

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2006/5076
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0008.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for thunderbird

by Marianna Schmudlach - 12/20/06 8:34 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Red Hat update for thunderbird

SECUNIA ADVISORY ID:
SA23439

VERIFY ADVISORY:
http://secunia.com/advisories/23439/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/

DESCRIPTION:
Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks and potentially compromise a
user's system.

For more information:
SA23420

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2006-0760.html

OTHER REFERENCES:
SA23420:
http://secunia.com/advisories/23420/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for tar

by Marianna Schmudlach - 12/20/06 8:35 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Red Hat update for tar

SECUNIA ADVISORY ID:
SA23443

VERIFY ADVISORY:
http://secunia.com/advisories/23443/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux AS 2.1
http://secunia.com/product/48/
RedHat Enterprise Linux ES 2.1
http://secunia.com/product/1306/
RedHat Enterprise Linux ES 3
http://secunia.com/product/2535/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 2.1
http://secunia.com/product/1044/
RedHat Enterprise Linux WS 3
http://secunia.com/product/2536/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Linux Advanced Workstation 2.1 for Itanium
http://secunia.com/product/1326/

DESCRIPTION:
Red Hat has issued an update for tar. This fixes a weakness, which
can be exploited by malicious people to overwrite arbitrary files.

For more information:
SA23115

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2006-0749.html


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for firefox

by Marianna Schmudlach - 12/20/06 8:36 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

TITLE:
Red Hat update for firefox

SECUNIA ADVISORY ID:
SA23440

VERIFY ADVISORY:
http://secunia.com/advisories/23440/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, System access

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/

DESCRIPTION:
Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks and potentially compromise a
user's system.

For more information:
SA23282

SOLUTION:
Updated packages are available from Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2006-0758.html

OTHER REFERENCES:
SA23282:
http://secunia.com/advisories/23282/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ESET NOD32 Antivirus File Parsing Code Execution and Denial

by Marianna Schmudlach - 12/20/06 10:28 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

ESET NOD32 Antivirus File Parsing Code Execution and Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2006-5095
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-20

Multiple vulnerabilities have been identified in ESET NOD32 Antivirus, which could be exploited by attackers or malware to take complete control of an affected system or cause a denial of service.

The first issue is due to a buffer overflow error when handling malformed "DOC" files, which could be exploited by attackers to execute arbitrary commands by tricking a system protected by a vulnerable application to scan a malicious document.

The second vulnerability is due to a division by zero error when handling a malformed "CHM" file, which could be exploited by attackers to crash a vulnerable application, creating a denial of service condition.

Affected Products

ESET NOD32 Antivirus versions 2.x

Solution

Upgrade to ThreatSense Update v.1.1743 or later :
http://eset.com/support/updates.php

References

http://www.frsirt.com/english/advisories/2006/5095

Credits

Vulnerability reported by Sergio Alvarez (n.runs AG)


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisor

by Donna Buenaventura Moderator - 12/20/06 10:51 AM

In Reply to: VULNERABILITIES - December 20, 2006 by Marianna Schmudlach

Affected Products: ESET NOD32 Antivirus
Vulnerability: Arbitrary Code Execution (remote)
Risk: HIGH

Vendor communication:
2006/08/24 initial notification of ESET
2006/08/28 ESET Response
2006/08/29 PGP keys exchange
2006/08/29 PoC files sent to ESET
2006/09/06 ESET initial feedback.
2006/09/08 ESET confirmed the bug and fixed
2006/09/08 ESET made available the updates

Description:
Multiple vulnerabilities have been found in the file parsing engine.

In detail, the following flaw was determined:

- Divide by Zero in .CHM file parsing.
- Heap Overflow through Integer Overflow in .DOC File Parsing

The .DOC problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerabilities.
The vulnerabilities are present in NOD32 Antivirus software versions prior to the update v.1.1743.

Solution:
The vulnerabilities were reported on Aug 24 and an update has been issued on Sep 08 to solve these vulnerabilities through the regular update mechanism.

Reference: http://www.securityfocus.com/archive/1/454949 (advisory published Dec. 20, 2006)


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close